Description
- Type: CUSTOMER
- Severity: NOTICE
- Protection against: Hacking > Use of Stolen Creds
- FIX Available: YES
This Customer Check verifies if Push notifications via Microsoft Authenticator can be used as a method for two-factor authentication.
Why this check?
Two-factor authentication provides a lot of extra protection against leaked passwords. Microsoft Authenticator is a mobile app for employees' iPhone or Android phone. With this app, two-factor authentication is activated in a secure and user-friendly way.
During a login attempt, the employee will receive an additional verification notification on their mobile phone to approve the attempt.
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: Push verification via Microsoft Authenticator can be used for two-factor authentication
- Notice: Push verification via Microsoft Authenticator cannot (by everyone) be used for two-factor authentication.
How should this be followed up?
If the output is Notice, we advise making Microsoft Authenticator available for all employees.
A Fix is available for this check, which we will offer via Attic.
Comments
0 comments
Please sign in to leave a comment.